For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

Who will keep you out of trouble with the GDPR?

Sanderson's Mary Worthington runs down the most important things you should be doing now to get GDPR ready before May 2018

From May next year the new European Union General Data Protection Regulation (GDPR) will change the way businesses and public-sector organisations handle data. The deadline is looming and the threat of huge fines for non-compliance is pushing organisations to act quickly. So what are the most important things you should be doing now to get GDPR ready?

A pressing problem for most businesses is where to start with GDPR, if they haven't already, when they don't even know what data they currently have or how they are handling it.

The even bigger question most organisations will face is who will actually handle this mammoth task: bearing in mind that some newly mandated roles will also come with legal responsibilities that could entail prison sentences for failure or negligence.

What are your current capabilities?

It is important to look internally and assess what your organisation's current capabilities actually are. The first step is to run an internal audit. In some organisations the responsibility for GDPR will sit with the legal team.

However, with most it will be in the hands of the information security function or a designated Data Protection Officer. Either way these departments will need to have knowledge of the new regulation and the growing power to take on the work load.

Get the right people in

Once you have a good understanding of any gaps in your resources it is then advisable to seek help from specialist suppliers who are engaging with the challenge of GDPR. Resourcing suppliers with specialisms in IT and cyber security should have the capabilities to source either an individual or an entire team who have the ability to handle GDPR from the outset, without further training or investment.

We have already been approached for a number of permanent and contract roles across a huge range of commercial sectors including financial services, consultancies and SME's.

These positions have been anything from entirely GDPR specific hires, to blended positions which will encompass the demands of GDPR alongside other responsibilities.

Seeking an experienced supplier who is already actively sourcing candidates for roles like this is essential when finding the appropriate blend of experience and business acumen to do the job. It will pay off massively when it comes to finding the right person.

Have you sought business buy-in?

A key challenge for anyone working in this area is advocating a change in behaviours. In order for organisations to successfully adhere to GDPR everyone within the company needs to be fully on board with what impact this will have to the business and to their daily routine.

To prevent any resistance to the work that needs to be done, education and awareness as well as collaboration between business units are essential to the program. In some organisations this has resulted in ‘GDPR Champions'; individuals who sit within different areas of the business to pioneer the strategy and serve as a point of contact for that function.

However you choose to do it, looking at ways you can raise business understanding of what they are doing and why is an essential step to making the process between now and May 2018 a much less smoother road.